mobbdev 1.2.33 → 1.2.35

package/dist/args/commands/upload_ai_blame.mjs

@@ -73,6 +73,12 @@ function getSdk(client, withWrapper = defaultWrapper) {
     FinalizeAIBlameInferencesUpload(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: FinalizeAiBlameInferencesUploadDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "FinalizeAIBlameInferencesUpload", "mutation", variables);
     },
+    UploadTracyRecords(variables, requestHeaders, signal) {
+      return withWrapper((wrappedRequestHeaders) => client.request({ document: UploadTracyRecordsDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "UploadTracyRecords", "mutation", variables);
+    },
+    GetTracyRawDataUploadUrls(variables, requestHeaders, signal) {
+      return withWrapper((wrappedRequestHeaders) => client.request({ document: GetTracyRawDataUploadUrlsDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "GetTracyRawDataUploadUrls", "mutation", variables);
+    },
     DigestVulnerabilityReport(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: DigestVulnerabilityReportDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "DigestVulnerabilityReport", "mutation", variables);
     },
@@ -126,7 +132,7 @@ function getSdk(client, withWrapper = defaultWrapper) {
     }
   };
 }
-var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, defaultWrapper;
+var AiBlameInferenceType, FixQuestionInputType, Language, ManifestAction, Effort_To_Apply_Fix_Enum, Fix_Rating_Tag_Enum, Fix_Report_State_Enum, Fix_State_Enum, IssueLanguage_Enum, IssueType_Enum, Pr_Status_Enum, Project_Role_Type_Enum, Vulnerability_Report_Issue_Category_Enum, Vulnerability_Report_Issue_State_Enum, Vulnerability_Report_Issue_Tag_Enum, Vulnerability_Report_Vendor_Enum, Vulnerability_Severity_Enum, FixDetailsFragmentDoc, FixReportSummaryFieldsFragmentDoc, MeDocument, GetLastOrgAndNamedProjectDocument, GetLastOrgDocument, GetEncryptedApiTokenDocument, FixReportStateDocument, GetVulnerabilityReportPathsDocument, GetAnalysisSubscriptionDocument, GetAnalysisDocument, GetFixesDocument, GetVulByNodesMetadataDocument, GetFalsePositiveDocument, UpdateScmTokenDocument, UploadS3BucketInfoDocument, GetTracyDiffUploadUrlDocument, AnalyzeCommitForExtensionAiBlameDocument, GetAiBlameInferenceDocument, GetAiBlameAttributionPromptDocument, GetPromptSummaryDocument, UploadAiBlameInferencesInitDocument, FinalizeAiBlameInferencesUploadDocument, UploadTracyRecordsDocument, GetTracyRawDataUploadUrlsDocument, DigestVulnerabilityReportDocument, SubmitVulnerabilityReportDocument, CreateCommunityUserDocument, CreateCliLoginDocument, PerformCliLoginDocument, CreateProjectDocument, ValidateRepoUrlDocument, GitReferenceDocument, AutoPrAnalysisDocument, GetFixReportsByRepoUrlDocument, GetReportFixesDocument, GetLatestReportByRepoUrlDocument, UpdateDownloadedFixDataDocument, GetUserMvsAutoFixDocument, StreamBlameAiAnalysisRequestsDocument, StreamCommitBlameRequestsDocument, ScanSkillDocument, defaultWrapper;
 var init_client_generates = __esm({
   "src/features/analysis/scm/generates/client_generates.ts"() {
     "use strict";
@@ -962,6 +968,28 @@ var init_client_generates = __esm({
     status
     error
   }
+}
+    `;
+    UploadTracyRecordsDocument = `
+    mutation UploadTracyRecords($records: [TracyRecordInput!]!) {
+  uploadTracyRecords(records: $records) {
+    status
+    error
+  }
+}
+    `;
+    GetTracyRawDataUploadUrlsDocument = `
+    mutation GetTracyRawDataUploadUrls($recordIds: [String!]!) {
+  getTracyRawDataUploadUrls(recordIds: $recordIds) {
+    status
+    error
+    uploads {
+      recordId
+      url
+      uploadFieldsJSON
+      uploadKey
+    }
+  }
 }
     `;
     DigestVulnerabilityReportDocument = `
@@ -2227,20 +2255,20 @@ function computeCanonicalUrl(data) {
   } = data;
   switch (scmType) {
     case "GitHub" /* GitHub */:
-      return `https://${hostname}/${organization}/${repoName}`;
+      return `https://${hostname}/${organization.toLowerCase()}/${repoName.toLowerCase()}`;
     case "GitLab" /* GitLab */:
-      return `https://${hostname}/${projectPath}`;
+      return `https://${hostname}/${projectPath.toLowerCase()}`;
     case "Bitbucket" /* Bitbucket */:
-      return `https://${hostname}/${organization}/${repoName}`;
+      return `https://${hostname}/${organization.toLowerCase()}/${repoName.toLowerCase()}`;
     case "Ado" /* Ado */: {
       const adoHostname = hostname === "ssh.dev.azure.com" ? "dev.azure.com" : hostname;
       if (projectName) {
-        return `https://${adoHostname}/${organization}/${projectName}/_git/${repoName}`;
+        return `https://${adoHostname}/${organization.toLowerCase()}/${projectName.toLowerCase()}/_git/${repoName.toLowerCase()}`;
       }
-      return `https://${adoHostname}/${organization}/_git/${repoName}`;
+      return `https://${adoHostname}/${organization.toLowerCase()}/_git/${repoName.toLowerCase()}`;
     }
     default:
-      return `https://${hostname}/${projectPath}`;
+      return `https://${hostname}/${projectPath.toLowerCase()}`;
   }
 }
 function detectAdoUrl(args) {
@@ -4082,7 +4110,7 @@ import z27 from "zod";
 
 // src/commands/handleMobbLogin.ts
 import chalk2 from "chalk";
-import Debug7 from "debug";
+import Debug10 from "debug";
 
 // src/utils/dirname.ts
 import fs from "fs";
@@ -4211,6 +4239,7 @@ var CliError = class extends Error {
 // src/commands/AuthManager.ts
 import crypto from "crypto";
 import os from "os";
+import Debug9 from "debug";
 import open from "open";
 
 // src/constants.ts
@@ -4304,7 +4333,7 @@ var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 30;
 
 // src/features/analysis/graphql/gql.ts
 import Debug6 from "debug";
-import { GraphQLClient } from "graphql-request";
+import { ClientError, GraphQLClient } from "graphql-request";
 import { v4 as uuidv4 } from "uuid";
 
 // src/mcp/core/Errors.ts
@@ -4374,8 +4403,7 @@ function getProxyAgent(url) {
     const isHttps = parsedUrl.protocol === "https:";
     const proxy = isHttps ? getHttpProxy() : isHttp ? getHttpProxyOnly() : null;
     if (proxy) {
-      debug2("Using proxy %s", proxy);
-      debug2("Proxy agent %o", proxy);
+      debug2("Using proxy %s for %s", proxy, url);
       return new HttpsProxyAgent(proxy);
     }
   } catch (err) {
@@ -6663,6 +6691,19 @@ var GetVulByNodesMetadataZ = z26.object({
 
 // src/features/analysis/graphql/gql.ts
 var debug7 = Debug6("mobbdev:gql");
+function isAuthError(error) {
+  if (error instanceof ClientError) {
+    const gqlErrors = error.response?.errors;
+    return gqlErrors?.some(
+      (e) => e.extensions?.["code"] === "access-denied" || e.message?.includes("Authentication hook unauthorized")
+    ) ?? false;
+  }
+  return false;
+}
+function isNetworkError(error) {
+  const errorString = error?.toString() ?? "";
+  return errorString.includes("FetchError") || errorString.includes("TypeError") || errorString.includes("ECONNREFUSED") || errorString.includes("ENOTFOUND") || errorString.includes("ETIMEDOUT") || errorString.includes("UND_ERR");
+}
 var API_KEY_HEADER_NAME = "x-mobb-key";
 var REPORT_STATE_CHECK_DELAY = 5 * 1e3;
 var GQLClient = class {
@@ -6722,23 +6763,35 @@ var GQLClient = class {
     try {
       await this.getUserInfo();
     } catch (e) {
-      if (e?.toString().startsWith("FetchError")) {
-        debug7("verify connection failed %o", e);
+      if (isNetworkError(e)) {
+        debug7("verify connection failed (network error) %o", e);
         return false;
       }
+      debug7("verify connection: endpoint reachable but request failed %o", e);
     }
     return true;
   }
   async validateUserToken() {
-    await this.createCommunityUser();
-    let info;
     try {
-      info = await this.getUserInfo();
+      await this.createCommunityUser();
+      const info = await this.getUserInfo();
+      if (!info) {
+        debug7("verify token failed - no user info returned");
+        return false;
+      }
+      return info.email || true;
     } catch (e) {
-      debug7("verify token failed %o", e);
-      return false;
+      if (isAuthError(e)) {
+        debug7("verify token failed - auth error %o", e);
+        return false;
+      }
+      if (isNetworkError(e)) {
+        debug7("verify token failed - network error, rethrowing %o", e);
+        throw e;
+      }
+      debug7("verify token failed - unexpected error, rethrowing %o", e);
+      throw e;
     }
-    return info?.email || true;
   }
   async getLastOrgAndNamedProject(params) {
     const me = await this.getUserInfo();
@@ -7094,6 +7147,12 @@ var GQLClient = class {
   async finalizeAIBlameInferencesUploadRaw(variables) {
     return await this._clientSdk.FinalizeAIBlameInferencesUpload(variables);
   }
+  async uploadTracyRecords(variables) {
+    return await this._clientSdk.UploadTracyRecords(variables);
+  }
+  async getTracyRawDataUploadUrls(variables) {
+    return await this._clientSdk.GetTracyRawDataUploadUrls(variables);
+  }
   async analyzeCommitForExtensionAIBlame(variables) {
     return await this._clientSdk.AnalyzeCommitForExtensionAIBlame(variables);
   }
@@ -7111,6 +7170,209 @@ var GQLClient = class {
   }
 };
 
+// src/features/analysis/graphql/tracy-batch-upload.ts
+import { promisify } from "util";
+import { gzip } from "zlib";
+import Debug8 from "debug";
+
+// src/utils/sanitize-sensitive-data.ts
+import { OpenRedaction } from "@openredaction/openredaction";
+var openRedaction = new OpenRedaction({
+  patterns: [
+    // Core Personal Data
+    // Removed EMAIL - causes false positives in code/test snippets (e.g. --author="Eve Author <eve@example.com>")
+    // Prefer false negatives over false positives for this use case.
+    "SSN",
+    "NATIONAL_INSURANCE_UK",
+    "DATE_OF_BIRTH",
+    // Identity Documents
+    "PASSPORT_UK",
+    "PASSPORT_US",
+    "PASSPORT_MRZ_TD1",
+    "PASSPORT_MRZ_TD3",
+    "DRIVING_LICENSE_UK",
+    "DRIVING_LICENSE_US",
+    "VISA_NUMBER",
+    "VISA_MRZ",
+    "TAX_ID",
+    // Financial Data (removed SWIFT_BIC, CARD_AUTH_CODE - too broad, causing false positives with authentication words)
+    // Removed CREDIT_CARD - causes false positives on zero-filled UUIDs (e.g. '00000000-0000-0000-0000-000000000000')
+    // Prefer false negatives over false positives for this use case.
+    "IBAN",
+    "BANK_ACCOUNT_UK",
+    "ROUTING_NUMBER_US",
+    "CARD_TRACK1_DATA",
+    "CARD_TRACK2_DATA",
+    "CARD_EXPIRY",
+    // Cryptocurrency (removed BITCOIN_ADDRESS - too broad, matches hash-like strings)
+    "ETHEREUM_ADDRESS",
+    "LITECOIN_ADDRESS",
+    "CARDANO_ADDRESS",
+    "SOLANA_ADDRESS",
+    "MONERO_ADDRESS",
+    "RIPPLE_ADDRESS",
+    // Medical Data (removed PRESCRIPTION_NUMBER - too broad, matches words containing "ription")
+    // Removed MEDICAL_RECORD_NUMBER - too broad, "MR" prefix matches "Merge Request" in SCM contexts (e.g. "MR branches" → "MR br****es")
+    "NHS_NUMBER",
+    "AUSTRALIAN_MEDICARE",
+    "HEALTH_PLAN_NUMBER",
+    "PATIENT_ID",
+    // Communications (removed EMERGENCY_CONTACT, ADDRESS_PO_BOX, ZIP_CODE_US, PHONE_US, PHONE_INTERNATIONAL - too broad, causing false positives)
+    "PHONE_UK",
+    "PHONE_UK_MOBILE",
+    "PHONE_LINE_NUMBER",
+    "ADDRESS_STREET",
+    "POSTCODE_UK",
+    // Network & Technical
+    "IPV4",
+    "IPV6",
+    "MAC_ADDRESS",
+    "URL_WITH_AUTH",
+    // Security Keys & Tokens
+    "PRIVATE_KEY",
+    "SSH_PRIVATE_KEY",
+    "AWS_SECRET_KEY",
+    "AWS_ACCESS_KEY",
+    "AZURE_STORAGE_KEY",
+    "GCP_SERVICE_ACCOUNT",
+    "JWT_TOKEN",
+    "OAUTH_TOKEN",
+    "OAUTH_CLIENT_SECRET",
+    "BEARER_TOKEN",
+    "PAYMENT_TOKEN",
+    "GENERIC_SECRET",
+    "GENERIC_API_KEY",
+    // Platform-Specific API Keys
+    "GITHUB_TOKEN",
+    "SLACK_TOKEN",
+    "STRIPE_API_KEY",
+    "GOOGLE_API_KEY",
+    "FIREBASE_API_KEY",
+    "HEROKU_API_KEY",
+    "MAILGUN_API_KEY",
+    "SENDGRID_API_KEY",
+    "TWILIO_API_KEY",
+    "NPM_TOKEN",
+    "PYPI_TOKEN",
+    "DOCKER_AUTH",
+    "KUBERNETES_SECRET",
+    // Government & Legal
+    // Removed CLIENT_ID - too broad, "client" is ubiquitous in code (npm packages like @scope/client-*, class names like ClientSdkOptions)
+    "POLICE_REPORT_NUMBER",
+    "IMMIGRATION_NUMBER",
+    "COURT_REPORTER_LICENSE"
+  ]
+});
+function maskString(str, showStart = 2, showEnd = 2) {
+  if (str.length <= showStart + showEnd) {
+    return "*".repeat(str.length);
+  }
+  return str.slice(0, showStart) + "*".repeat(str.length - showStart - showEnd) + str.slice(-showEnd);
+}
+async function sanitizeDataWithCounts(obj) {
+  const counts = {
+    detections: { total: 0, high: 0, medium: 0, low: 0 }
+  };
+  const sanitizeString = async (str) => {
+    let result = str;
+    const piiDetections = openRedaction.scan(str);
+    if (piiDetections && piiDetections.total > 0) {
+      const allDetections = [
+        ...piiDetections.high,
+        ...piiDetections.medium,
+        ...piiDetections.low
+      ];
+      for (const detection of allDetections) {
+        counts.detections.total++;
+        if (detection.severity === "high") counts.detections.high++;
+        else if (detection.severity === "medium") counts.detections.medium++;
+        else if (detection.severity === "low") counts.detections.low++;
+        const masked = maskString(detection.value);
+        result = result.replaceAll(detection.value, masked);
+      }
+    }
+    return result;
+  };
+  const sanitizeRecursive = async (data) => {
+    if (typeof data === "string") {
+      return sanitizeString(data);
+    } else if (Array.isArray(data)) {
+      return Promise.all(data.map((item) => sanitizeRecursive(item)));
+    } else if (data instanceof Error) {
+      return data;
+    } else if (data instanceof Date) {
+      return data;
+    } else if (typeof data === "object" && data !== null) {
+      const sanitized = {};
+      const record = data;
+      for (const key in record) {
+        if (Object.prototype.hasOwnProperty.call(record, key)) {
+          sanitized[key] = await sanitizeRecursive(record[key]);
+        }
+      }
+      return sanitized;
+    }
+    return data;
+  };
+  const sanitizedData = await sanitizeRecursive(obj);
+  return { sanitizedData, counts };
+}
+
+// src/features/analysis/upload-file.ts
+import Debug7 from "debug";
+import fetch3, { File, fileFrom, FormData } from "node-fetch";
+var debug8 = Debug7("mobbdev:upload-file");
+async function uploadFile({
+  file,
+  url,
+  uploadKey,
+  uploadFields,
+  logger
+}) {
+  const logInfo = logger || ((_message, _data) => {
+  });
+  logInfo(`FileUpload: upload file start ${url}`);
+  logInfo(`FileUpload: upload fields`, uploadFields);
+  logInfo(`FileUpload: upload key ${uploadKey}`);
+  debug8("upload file start %s", url);
+  debug8("upload fields %o", uploadFields);
+  debug8("upload key %s", uploadKey);
+  const form = new FormData();
+  Object.entries(uploadFields).forEach(([key, value]) => {
+    form.append(key, value);
+  });
+  if (!form.has("key")) {
+    form.append("key", uploadKey);
+  }
+  if (typeof file === "string") {
+    debug8("upload file from path %s", file);
+    logInfo(`FileUpload: upload file from path ${file}`);
+    form.append("file", await fileFrom(file));
+  } else {
+    debug8("upload file from buffer");
+    logInfo(`FileUpload: upload file from buffer`);
+    form.append("file", new File([new Uint8Array(file)], "file"));
+  }
+  const agent = getProxyAgent(url);
+  const response = await fetch3(url, {
+    method: "POST",
+    body: form,
+    agent
+  });
+  if (!response.ok) {
+    debug8("error from S3 %s %s", response.body, response.status);
+    logInfo(`FileUpload: error from S3 ${response.body} ${response.status}`);
+    throw new Error(`Failed to upload the file: ${response.status}`);
+  }
+  debug8("upload file done");
+  logInfo(`FileUpload: upload file done`);
+}
+
+// src/features/analysis/graphql/tracy-batch-upload.ts
+var gzipAsync = promisify(gzip);
+var debug9 = Debug8("mobbdev:tracy-batch-upload");
+var MAX_BATCH_PAYLOAD_BYTES = 3 * 1024 * 1024;
+
 // src/mcp/services/types.ts
 function buildLoginUrl(baseUrl, loginId, hostname, context) {
   const url = new URL(`${baseUrl}/${loginId}`);
@@ -7143,9 +7405,10 @@ function getConfigStore() {
 var configStore = getConfigStore();
 
 // src/commands/AuthManager.ts
+var debug10 = Debug9("mobbdev:auth");
 var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
 var LOGIN_CHECK_DELAY = 5 * 1e3;
-var AuthManager = class {
+var _AuthManager = class _AuthManager {
   constructor(webAppUrl, apiUrl) {
     __publicField(this, "publicKey");
     __publicField(this, "privateKey");
@@ -7167,7 +7430,7 @@ var AuthManager = class {
   }
   async waitForAuthentication() {
     let newApiToken = null;
-    for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
+    for (let i = 0; i < _AuthManager.loginMaxWait / LOGIN_CHECK_DELAY; i++) {
       newApiToken = await this.getApiToken();
       if (newApiToken) {
         break;
@@ -7197,6 +7460,9 @@ var AuthManager = class {
     if (this.authenticated === null) {
       const result = await this.checkAuthentication();
       this.authenticated = result.isAuthenticated;
+      if (!result.isAuthenticated) {
+        debug10("isAuthenticated: false \u2014 %s", result.message);
+      }
     }
     return this.authenticated;
   }
@@ -7273,6 +7539,14 @@ var AuthManager = class {
     }
     return null;
   }
+  /**
+   * Returns true if a non-empty API token is stored in the configStore.
+   * Used for diagnostics — does NOT validate the token.
+   */
+  hasStoredToken() {
+    const token = configStore.get("apiToken");
+    return typeof token === "string" && token.length > 0;
+  }
   /**
    * Gets the current GQL client (if authenticated)
    */
@@ -7305,9 +7579,12 @@ var AuthManager = class {
     this.currentBrowserUrl = null;
   }
 };
+/** Maximum time (ms) to wait for login authentication. Override in tests for faster failures. */
+__publicField(_AuthManager, "loginMaxWait", LOGIN_MAX_WAIT);
+var AuthManager = _AuthManager;
 
 // src/commands/handleMobbLogin.ts
-var debug8 = Debug7("mobbdev:commands");
+var debug11 = Debug10("mobbdev:commands");
 var LOGIN_MAX_WAIT2 = 10 * 60 * 1e3;
 var LOGIN_CHECK_DELAY2 = 5 * 1e3;
 var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk2.bgBlue(
@@ -7319,7 +7596,7 @@ async function getAuthenticatedGQLClient({
   apiUrl,
   webAppUrl
 }) {
-  debug8(
+  debug11(
     "getAuthenticatedGQLClient called with: apiUrl=%s, webAppUrl=%s",
     apiUrl || "undefined",
     webAppUrl || "undefined"
@@ -7342,7 +7619,7 @@ async function handleMobbLogin({
   webAppUrl,
   loginContext
 }) {
-  debug8(
+  debug11(
     "handleMobbLogin: resolved URLs - apiUrl=%s (from param: %s), webAppUrl=%s (from param: %s)",
     apiUrl || "fallback",
     apiUrl || "fallback",
@@ -7361,7 +7638,7 @@ async function handleMobbLogin({
       return authManager.getGQLClient();
     }
   } catch (error) {
-    debug8("Authentication check failed:", error);
+    debug11("Authentication check failed:", error);
   }
   if (apiKey) {
     createSpinner().start().error({
@@ -7412,56 +7689,6 @@ init_client_generates();
 init_GitService();
 init_urlParser2();
 
-// src/features/analysis/upload-file.ts
-import Debug8 from "debug";
-import fetch3, { File, fileFrom, FormData } from "node-fetch";
-var debug9 = Debug8("mobbdev:upload-file");
-async function uploadFile({
-  file,
-  url,
-  uploadKey,
-  uploadFields,
-  logger
-}) {
-  const logInfo = logger || ((_message, _data) => {
-  });
-  logInfo(`FileUpload: upload file start ${url}`);
-  logInfo(`FileUpload: upload fields`, uploadFields);
-  logInfo(`FileUpload: upload key ${uploadKey}`);
-  debug9("upload file start %s", url);
-  debug9("upload fields %o", uploadFields);
-  debug9("upload key %s", uploadKey);
-  const form = new FormData();
-  Object.entries(uploadFields).forEach(([key, value]) => {
-    form.append(key, value);
-  });
-  if (!form.has("key")) {
-    form.append("key", uploadKey);
-  }
-  if (typeof file === "string") {
-    debug9("upload file from path %s", file);
-    logInfo(`FileUpload: upload file from path ${file}`);
-    form.append("file", await fileFrom(file));
-  } else {
-    debug9("upload file from buffer");
-    logInfo(`FileUpload: upload file from buffer`);
-    form.append("file", new File([new Uint8Array(file)], "file"));
-  }
-  const agent = getProxyAgent(url);
-  const response = await fetch3(url, {
-    method: "POST",
-    body: form,
-    agent
-  });
-  if (!response.ok) {
-    debug9("error from S3 %s %s", response.body, response.status);
-    logInfo(`FileUpload: error from S3 ${response.body} ${response.status}`);
-    throw new Error(`Failed to upload the file: ${response.status}`);
-  }
-  debug9("upload file done");
-  logInfo(`FileUpload: upload file done`);
-}
-
 // src/utils/computerName.ts
 import { execSync } from "child_process";
 import os2 from "os";
@@ -7551,149 +7778,6 @@ function getStableComputerName() {
   return currentName;
 }
 
-// src/utils/sanitize-sensitive-data.ts
-import { OpenRedaction } from "@openredaction/openredaction";
-var openRedaction = new OpenRedaction({
-  patterns: [
-    // Core Personal Data
-    // Removed EMAIL - causes false positives in code/test snippets (e.g. --author="Eve Author <eve@example.com>")
-    // Prefer false negatives over false positives for this use case.
-    "SSN",
-    "NATIONAL_INSURANCE_UK",
-    "DATE_OF_BIRTH",
-    // Identity Documents
-    "PASSPORT_UK",
-    "PASSPORT_US",
-    "PASSPORT_MRZ_TD1",
-    "PASSPORT_MRZ_TD3",
-    "DRIVING_LICENSE_UK",
-    "DRIVING_LICENSE_US",
-    "VISA_NUMBER",
-    "VISA_MRZ",
-    "TAX_ID",
-    // Financial Data (removed SWIFT_BIC, CARD_AUTH_CODE - too broad, causing false positives with authentication words)
-    // Removed CREDIT_CARD - causes false positives on zero-filled UUIDs (e.g. '00000000-0000-0000-0000-000000000000')
-    // Prefer false negatives over false positives for this use case.
-    "IBAN",
-    "BANK_ACCOUNT_UK",
-    "ROUTING_NUMBER_US",
-    "CARD_TRACK1_DATA",
-    "CARD_TRACK2_DATA",
-    "CARD_EXPIRY",
-    // Cryptocurrency (removed BITCOIN_ADDRESS - too broad, matches hash-like strings)
-    "ETHEREUM_ADDRESS",
-    "LITECOIN_ADDRESS",
-    "CARDANO_ADDRESS",
-    "SOLANA_ADDRESS",
-    "MONERO_ADDRESS",
-    "RIPPLE_ADDRESS",
-    // Medical Data (removed PRESCRIPTION_NUMBER - too broad, matches words containing "ription")
-    // Removed MEDICAL_RECORD_NUMBER - too broad, "MR" prefix matches "Merge Request" in SCM contexts (e.g. "MR branches" → "MR br****es")
-    "NHS_NUMBER",
-    "AUSTRALIAN_MEDICARE",
-    "HEALTH_PLAN_NUMBER",
-    "PATIENT_ID",
-    // Communications (removed EMERGENCY_CONTACT, ADDRESS_PO_BOX, ZIP_CODE_US, PHONE_US, PHONE_INTERNATIONAL - too broad, causing false positives)
-    "PHONE_UK",
-    "PHONE_UK_MOBILE",
-    "PHONE_LINE_NUMBER",
-    "ADDRESS_STREET",
-    "POSTCODE_UK",
-    // Network & Technical
-    "IPV4",
-    "IPV6",
-    "MAC_ADDRESS",
-    "URL_WITH_AUTH",
-    // Security Keys & Tokens
-    "PRIVATE_KEY",
-    "SSH_PRIVATE_KEY",
-    "AWS_SECRET_KEY",
-    "AWS_ACCESS_KEY",
-    "AZURE_STORAGE_KEY",
-    "GCP_SERVICE_ACCOUNT",
-    "JWT_TOKEN",
-    "OAUTH_TOKEN",
-    "OAUTH_CLIENT_SECRET",
-    "BEARER_TOKEN",
-    "PAYMENT_TOKEN",
-    "GENERIC_SECRET",
-    "GENERIC_API_KEY",
-    // Platform-Specific API Keys
-    "GITHUB_TOKEN",
-    "SLACK_TOKEN",
-    "STRIPE_API_KEY",
-    "GOOGLE_API_KEY",
-    "FIREBASE_API_KEY",
-    "HEROKU_API_KEY",
-    "MAILGUN_API_KEY",
-    "SENDGRID_API_KEY",
-    "TWILIO_API_KEY",
-    "NPM_TOKEN",
-    "PYPI_TOKEN",
-    "DOCKER_AUTH",
-    "KUBERNETES_SECRET",
-    // Government & Legal
-    // Removed CLIENT_ID - too broad, "client" is ubiquitous in code (npm packages like @scope/client-*, class names like ClientSdkOptions)
-    "POLICE_REPORT_NUMBER",
-    "IMMIGRATION_NUMBER",
-    "COURT_REPORTER_LICENSE"
-  ]
-});
-function maskString(str, showStart = 2, showEnd = 2) {
-  if (str.length <= showStart + showEnd) {
-    return "*".repeat(str.length);
-  }
-  return str.slice(0, showStart) + "*".repeat(str.length - showStart - showEnd) + str.slice(-showEnd);
-}
-async function sanitizeDataWithCounts(obj) {
-  const counts = {
-    detections: { total: 0, high: 0, medium: 0, low: 0 }
-  };
-  const sanitizeString = async (str) => {
-    let result = str;
-    const piiDetections = openRedaction.scan(str);
-    if (piiDetections && piiDetections.total > 0) {
-      const allDetections = [
-        ...piiDetections.high,
-        ...piiDetections.medium,
-        ...piiDetections.low
-      ];
-      for (const detection of allDetections) {
-        counts.detections.total++;
-        if (detection.severity === "high") counts.detections.high++;
-        else if (detection.severity === "medium") counts.detections.medium++;
-        else if (detection.severity === "low") counts.detections.low++;
-        const masked = maskString(detection.value);
-        result = result.replaceAll(detection.value, masked);
-      }
-    }
-    return result;
-  };
-  const sanitizeRecursive = async (data) => {
-    if (typeof data === "string") {
-      return sanitizeString(data);
-    } else if (Array.isArray(data)) {
-      return Promise.all(data.map((item) => sanitizeRecursive(item)));
-    } else if (data instanceof Error) {
-      return data;
-    } else if (data instanceof Date) {
-      return data;
-    } else if (typeof data === "object" && data !== null) {
-      const sanitized = {};
-      const record = data;
-      for (const key in record) {
-        if (Object.prototype.hasOwnProperty.call(record, key)) {
-          sanitized[key] = await sanitizeRecursive(record[key]);
-        }
-      }
-      return sanitized;
-    }
-    return data;
-  };
-  const sanitizedData = await sanitizeRecursive(obj);
-  return { sanitizedData, counts };
-}
-
 // src/args/commands/upload_ai_blame.ts
 var defaultLogger = {
   info: (msg, data) => {
@@ -8014,6 +8098,8 @@ async function uploadAiBlameCommandHandler(args) {
   await uploadAiBlameHandler({ args });
 }
 export {
+  getRepositoryUrl,
+  getSystemInfo,
   uploadAiBlameBuilder,
   uploadAiBlameCommandHandler,
   uploadAiBlameHandler,